General Data Protection Regulation (GDPR) is coming

- are you ready to take advantage of the opportunity?

Although significant distance separates Australia from Europe, many organisations will be impacted by the European Union General Data Protection Regulation (GDPR). While some will see it as purely an exercise in regulatory compliance, others will see the opportunity it provides for competitive advantage.

In today’s digital global economy, many organisations recognise the value that can be derived from collecting and effectively using large volumes of customer data. However, the regulatory complexity associated with data protection and privacy increases with globalisation, as data flows relatively freely across borders.

As a result, data protection and privacy risks can no longer be assessed from an Australian regulatory standpoint alone. Businesses now need to consider the protection of customer data from a global perspective. The Office of the Australian Information Commissioner (OAIC) has recommended that businesses take steps to evaluate their information handling practices and governance structures, seeking legal advice where necessary, to implement the necessary changes well before commencement of the EU GDPR.

Changes to the European data protection law may impact Australian entities.

The EU GDPR applies to any business ‘established’ in the EU and any “controller” or “processor” of personal data who offers goods or services to individuals residing in the EU, or otherwise monitors the behaviour of individuals in the EU. This means that the EU GDPR regime may be applicable to Australian entities. While the EU GDPR and the Australian Privacy Act 1988 (Cth) (‘Privacy Act’) share many common features, there are some notable differences. For instance, the EU GDPR gives authorities the power to impose administrative fines for contraventions, with fines for certain contraventions up to €20 million or 4% of annual worldwide turnover, whichever is greater.

The transition to GDPR regulatory compliance by 2018

Transitioning to GDPR compliance – the challenges.

The regime will impose a number of new requirements that do not apply and/or have not been fully considered under the Australian regulatory landscape. Full compliance by 2018 demands considerable planning and resource investment, in particular for non-EU entities. Entities may find that they have difficult choices to make about their priorities moving forward. While non-compliance presents a significant financial and reputational impact, we believe that achieving compliance with EU GDPR provides a significant opportunity for organisations to turn compliance into a competitive advantage.

PwC can help you assess your GDPR readiness

As a multi-disciplinary practice made up of risk, data governance, cyber and legal practitioners, we are uniquely placed to help your business adjust to the new regulatory environment. Our team includes the complementary skills and expertise of lawyers, consultants, auditors, risk specialists, forensics experts and strategists available to assist entities in turning EU GDPR compliance into a competitive advantage. Our team is truly global, with leading practitioners throughout Asia, the UK and US, who are well positioned to work alongside our teams here in Australia.

Is the GDPR relevant to your business?

For the first time, Australian businesses may be caught by European data protection laws if they “control” or “process” personal data of EU individuals.

This includes:

Australian entities that operate businesses that are established in a member state of the EU;

Australian-based entities that offer goods or services to individuals in the EU, irrespective of whether a payment is required; and

Australian-based entities that monitor the behaviour of individuals in the EU, where that behaviour takes place within the EU.
